Apple Web Server notifications, 2012

This article provides credit to people who have reported potential security issues in Apple's web servers.

Credits

2012-12-20 iforgot.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Danijel Maksimović (@MaXon3) for reporting this issue.

2012-12-19 training.apple.com

An out-of-date software issue was addressed. We would like to acknowledge Shubham Mittal of 3ncrypt0r.blogspot.com for reporting this issue.

2012-12-18 ssl.apple.com

An SSL configuration issue was addressed. We would like to acknowledge Adam Ziaja of adamziaja.com for reporting this issue.

2012-12-17 acn-members.apple.com

A server configuration issue was addressed. We would like to acknowledge Vikas Chopalli and Naresh Chattala of gitamite.com, and Roy Castillo (roy-castillo.com) of Informatics Computer Institute - Cebu, Philippines for reporting this issue.

2012-12-17 appleid.apple.com

A session fixation issue was addressed. We would like to acknowledge Ben Brenner for reporting this issue.

2012-12-14 widgets.itunes.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Kamil Sevi (@sevikamil), and Atulkumar Hariba Shedage and Ritesh Arunkumar Sarvaiya of defencely.com for reporting this issue.

2012-12-11 daw.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-12-07 ssl.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Emanuel Bronshtein (@e3amn2l) for reporting this issue.

2012-12-06 ax.search.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Frans Rosén of detectify.com for reporting this issue.

2012-12-02 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Thamatam Deepak (Mr.47™) of V.M.R Polytechnic Warangal, and Mohit Kumar (@unix_root) of The Hacker News for reporting this issue.

2012-12-02 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jatinpreet Singh of AKSIPS (Ajit Karam Singh International Public School, Chandigarh), M.R.Vignesh Kumar (@vigneshkumarmr) and Alok.J.Sudhakar of Team SecurityPrimes, Ajay Singh Negi of iViZ Techno Solutions Pvt. Ltd., and JATIN JAIN and Nikhil Kumar for reporting this issue.

2012-12-02 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mohamed Ramadan from Attack-Secure.com, Himanshu Sharma (нα¢кєя) and Advait Joshi (S.V.P.C.E.T.) for reporting this issue.

2012-12-02 locate.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Kamil Sevi (@sevikamil) for reporting this issue.

2012-11-30 itunes.com

A cross-site scripting issue was addressed. We would like to acknowledge Frans Rosén of detectify.com for reporting this issue.

2012-11-30 store.apple.com

A server configuration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-11-29 canadaedu.apple.com

A potential header injection issue was addressed. We would like to acknowledge Ucha Gobejishvili (twitter.com/longrifle0x), Mayur Lohite of techdeviners.com, Rafay Baloch of rafayhackingarticles.net, Douglas Lourenço (@DouglasLour) of elitewhitehat.com.br, Deepanker Verma of HackingTricks.in, and Prakhar Prasad for reporting this issue.

2012-11-28 developer.apple.com

A server configuration disclosure issue was addressed. We would like to acknowledge Mohamed Ramadan of Attack-Secure.com for reporting this issue.

2012-11-27 enroll.vpp.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Rishal & Manjot, and Harsha Vardhan Boppana for reporting this issue.

2012-11-26 expresslane.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Bozhidar Grujoski of SOU Gimnazija Mirche Acev for reporting this issue.

2012-11-16 ali.apple.com

A server configuration issue was addressed. We would like to acknowledge Julius Kivimäki for reporting this issue.

2012-11-15 origin-discussions-kr.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Ryan Dewhurst of randomstorm.com, and Prakhar Prasad for reporting this issue.

2012-11-14 searchcgi.apple.com

A local file inclusion issue was addressed. We would like to acknowledge Никола Којић (Nikola Kojic) for reporting this issue.

2012-11-08 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Siddhesh Gawde (St. Francis Institute of Technology (SFIT)) and Dylan S. Hailey (@TibitXimer) for reporting this issue.

2012-11-05 chomp.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Matthew Wong of Spotflux for reporting this issue.

2012-11-02 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Deniz Isik of bursali.eu for reporting this issue.

2012-10-30 support.apple.com

Reflected cross-site scripting issues were addressed. We would like to acknowledge Anupam Bishui of iiserrors.com, and Gerardo Salazar for reporting these issues.

2012-10-28 selfsolve.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Ahmad Ashraff (@yappare) for reporting this issue.

2012-10-25 images.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Milad Bahari Rad (@Milad_Bahari) for reporting this issue.

2012-10-19 education.apple.com

A server configuration issue was addressed. We would like to acknowledge Douglas Lourenço (@DouglasLour) of elitewhitehat.com.br for reporting this issue.

2012-10-11 rtc.euro.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2012-10-10 id.apple.com

A weak DKIM cryptographic key was replaced. We would like to acknowledge Zach Harris (@DrZacharyHarris) of Ninebark Consulting for reporting this issue.

2012-10-04 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Florian Grunow for reporting this issue.

2012-10-04 trailers.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-10-04 appldnld.apple.com

A header injection issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-10-04 concierge.apple.com

An SSL configuration error was addressed. We would like to acknowledge Alexander Burke of alexburke.ca for reporting this issue.

2012-10-04 iforgott.apple.com

A URL disclosure issue was addressed. We would like to acknowledge Alessio Ganci of ssep.it for reporting this issue.

2012-10-04 canadaapp.apple.com

A server configuration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-10-04 images.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Lukas Reschke (statuscode.ch) for reporting this issue.

2012-10-04 apple.com

A server configuration issue was addressed. We would like to acknowledge Lukas Reschke (statuscode.ch) for reporting this issue.

2012-10-04 searchcgi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Meir Bank of meirbank.com for reporting this issue.

2012-10-03 developer.apple.com

An iframe injection issue was addressed. We would like to acknowledge Mikko Saario of Nokia Corporation for reporting this issue.

2012-09-25 consultants-locator.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Kamil Sevi (@sevikamil) for reporting this issue.

2012-09-25 consultants-locator.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Michael Blake for reporting this issue.

2012-09-24 trailers.apple.com

An SQL injection issue was addressed. We would like to acknowledge Dinesh Shetty of Paladion Networks for reporting this issue.

2012-09-20 apple.com/recycling

A reflected cross-site scripting issue was addressed. We would like to acknowledge Jacob Soo of ARTeam (@Gunther_AR) for reporting this issue.

2012-09-19 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Yosuke Hasegawa of NetAgent Co., Ltd and Mario Gomes (@NetFuzzer) for reporting this issue.

2012-09-18 docs.info.apple.com

A server configuration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-09-18 itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research and [tcpper] for reporting this issue.

2012-09-18 iphone-ld.apple.com

A directory-indexing issue was addressed. We would like to acknowledge Krutarth Shukla & Harsha Vardhan Boppana for reporting this issue.

2012-09-11 acn-members.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-09-11 edseminars.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Siddhesh Gawde of St. Francis Institute of Technology (SFIT) for reporting this issue.

2012-09-07 canadaedu.apple.com

An information disclosure issue was addressed. We would like to acknowledge Mayur Lohite of mayurlohite.blogspot.in for reporting this issue.

2012-08-31 docs.info.apple.com

A server configuration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-08-30 discussions.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Ioannis Kapolos of firstplace.gr for reporting this issue.

2012-08-30 crt.apple.com

A directory traversal issue was addressed. We would like to acknowledge Kirill Ermakov of Positive Research (ptsecurity.com/research/advisory/) for reporting this issue.

2012-08-29 docs.info.apple.com

A header injection issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research and Mario Gomes (@NetFuzzer) of netfuzzer.blogspot.com for reporting this issue.

2012-08-28 edseminars.apple.com

An arbitrary code execution issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-08-13 discussionskorea.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge David Vieira-Kurz of MajorSecurity (majorsecurity.net) for reporting this issue.

2012-08-10 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Jaume Llopis of Ka0labs.net for reporting this issue.

2012-08-10 itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge João Lucas Melo Brasio of White Hat Hackers Consultoria de Segurança da Informação LTDA (whitehathackers.com.br) for reporting this issue.

2012-08-09 consultants-locator.apple.com

An exposed session identifier issue was addressed. We would like to acknowledge Rishal Dwivedi of Kendriya Vidyalaya & Manjot Singh of Punjab Agriculture University for reporting this issue.

2012-08-09 support.apple.com/kb

An SQL injection issue was addressed. We would like to acknowledge Damien Couturier for reporting this issue.

2012-08-07 discussions.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Lukas Reschke (statuscode.ch) for reporting this issue.

2012-07-30 apple.com/promo/rebate

An application logic issue was addressed. We would like to acknowledge Adam Markowitz for reporting this issue.

2012-07-24 auth.me.com

A DOM-based cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-07-24 fderegt.apple.com

A server configuration issue was addressed. We would like to acknowledge Alessio Ganci of ssep.it for reporting this issue.

2012-07-18 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Subho Halder, Isha Bhattacharya, Aditya Gupta and Dev Kar of XYSec Team for reporting this issue.

2012-07-18 promo.euro.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Lukas Reschke (statuscode.ch) for reporting this issue.

2012-07-18 iforgot.apple.com

A URL expiration issue was addressed. We would like to acknowledge JATIN JAIN (jatinjain.co.cc) for reporting this issue.

2012-07-17 discussions.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge João Lucas Melo Brasio of White Hat Hackers Consultoria de Segurança da Informação LTDA (whitehathackers.com.br) for reporting this issue.

2012-07-09 images.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Emanuel Bronshtein for reporting this issue.

2012-07-01 icloud.com/calendar

A cross-site scripting issue was addressed. We would like to acknowledge Damien Couturier for reporting this issue.

2012-06-30 auth.me.com

A cross-site scripting issue was addressed. We would like to acknowledge David Vieira-Kurz of MajorSecurity (majorsecurity.net) for reporting this issue.

2012-06-28 swdlp.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-06-25 store.apple.com

An open redirector issue was addressed. We would like to acknowledge Rafael Silva of EstuárioTI for reporting this issue.

2012-06-25 chomp.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Jacob Soo (@Gunther_AR) of ARTeam for reporting this issue.

2012-06-06 canadaedu.apple.com

An SQL injection issue was addressed. We would like to acknowledge Harsha Vardhan Boppana of Vignan University and Saurabh Chandrakant Nemade of PCCOE PUNE for reporting this issue.

2012-05-21 espressoweb.apple.com

A server configuration issue was addressed. We would like to acknowledge Diego Pérez López (@capitantiquela) of El Pilón Security for reporting this issue.

2012-05-21 appledirectory.apple.com

A server configuration issue was addressed. We would like to acknowledge Diego Pérez López (@capitantiquela) of El Pilón Security for reporting this issue.

2012-05-16 lists.apple.com

A persistent cross-site scripting issue and an information disclosure issue were addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting these issues.

2012-05-15 onetoone.apple.com

A mixed-content issue was addressed. We would like to acknowledge Ari Rubenstein for reporting this issue.

2012-05-11 discussions.apple.com

A clickjacking issue was addressed. We would like to acknowledge Lukas Reschke (statuscode.ch) for reporting this issue.

2012-05-11 jobs.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Juan Galiana Lara for reporting this issue.

2012-05-03 reseller.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Lukas Reschke (statuscode.ch) for reporting this issue.

2012-05-02 mfi.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-04-30 support.apple.com/kb

A cross-site scripting issue was addressed. We would like to acknowledge -Divine-, Ucha Gobejishvili (twitter.com/longrifle0x), Christof Porten of tomate-blog.de, Atul Shedage of securitysolution.co.in, Matthew Wong of Spotflux, Vasil Andonov, and Jim Leirvik for reporting this issue.

2012-04-25 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Prashant Sharma (@ps_manu) of LBSS Pvt. Ltd. for reporting this issue.

2012-04-14 daw.apple.com

A redirection issue was addressed. We would like to acknowledge João Lucas Melo Brasio of DotFive Labs Desenvolvimento de Softwares LTDA (Brazil) (dotfivelabs.com.br) for reporting this issue.

2012-04-13 eduapp.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mateusz Goik of AliantSoft for reporting this issue.

2012-04-09 iTunes.apple.com

An insecure cookie issue was addressed. We would like to acknowledge Bernhard 'Bruhns' Brehm of Recurity Labs for reporting this issue.

2012-04-04 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Freedom of DIY-HACK.com for reporting this issue.

2012-04-04 discussions.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Freedom of DIY-HACK.com for reporting this issue.

2012-04-03 support.apple.com

A server configuration issue was addressed. We would like to acknowledge Marc-Etienne M.Léveillé of CISSP Groupies and Edovia for reporting this issue.

2012-03-30 applecaresurvey.apple.com

A server configuration issue was addressed. We would like to acknowledge Hendrik Lowen of MGS Bank (mgs.li) and Laurent Oudot of TEHTRI-Security for reporting this issue.

2012-03-30 search.lists.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-03-30 lists.apple.com

A server configuration issue was addressed. We would like to acknowledge Julius Kivimäki for reporting this issue.

2012-03-30 consultants.apple.com

A file path injection issue was addressed. We would like to acknowledge Olivier Beg of bitshosting.nl for reporting this issue.

2012-03-29 consultants.apple.com

A server configuration issue was addressed. We would like to acknowledge Jobert Abma of Online24 for reporting this issue.

2012-03-29 lists.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-03-29 rtc.euro.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2012-03-29 acn-members.apple.com

A server configuration issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com for reporting this issue.

2012-03-26 developer.apple.com

A server configuration issue was addressed. We would like to acknowledge Laurent Oudot of TEHTRI-Security.com for reporting this issue.

2012-03-26 widgets.itunes.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Elvin Hayes Gentiles of Technological University of the Philippines for reporting this issue.

2012-03-22 enroll.vpp.itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Pedro Jorge da Silva Batista for reporting this issue.

2012-03-22 consultants.apple.com

A type conversion issue and server configuration issue were addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting these issues.

2012-03-22 consultants.apple.com

A server configuration issue was addressed. We would like to acknowledge Shadab Siddiqui for reporting this issue.

2012-03-21 itunes.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Masato Kinugawa for reporting this issue.

2012-03-19 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mario Gomes (@NetFuzzer) of netfuzzer.blogspot.com for reporting this issue.

2012-03-16 tunes.apple.com

An SQL injection issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research and Till Toenges of Kyon for reporting this issue.

2012-03-14 edseminars.apple.com

An SQL injection issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2012-03-14 edseminars.apple.com

SQL injection and cross-site scripting issues were addressed. We would like to acknowledge Mohd. Shadab Siddiqui of vulnerability-lab.com for reporting these issues.

2012-03-09 icloud.com/mail

A cross-site scripting issue was addressed. We would like to acknowledge Matthew Wong of Spotflux for reporting this issue.

2012-03-05 jiveuat-us.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki for reporting this issue.

2012-02-29 icloud.com/contacts

A cross-site scripting issue was addressed. We would like to acknowledge Kyle Osborn of @thekos for reporting this issue.

2012-02-24 iforgot.apple.com

A redirection issue was addressed. We would like to acknowledge Joao Lucas Melo Brasio of White Hat Hackers & DotFive Labs & PUC-Campinas (Brazil) (whitehathackers.com.br), and Himanshu Sharma (нα¢кєя) of s3curity.net for reporting this issue.

2012-02-21 mynews.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-20 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-20 discussions.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Alexander Fuchs of vulnerability-lab.com for reporting this issue.

2012-02-15 volume.itunes.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-14 apple.com/hk/reseller

A cross-site scripting issue was addressed. We would like to acknowledge alpacahack.com for reporting this issue.

2012-02-12 expresslane.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Matthew Wong of Spotflux for reporting this issue.

2012-02-10 apple.com/global

A reflected cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-06 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Sow Ching Shiong of Stratsec for reporting this issue.

2012-02-03 consultants.apple.com

A server misconfiguration issue was addressed. We would like to acknowledge Chema Alonso and Manu "The Sur" of Informatica64.com for reporting this issue.

2012-02-02 genifp.apple.com

A header injection issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-02-01 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Himanshu Sharma (нα¢кєя) of s3curity.net and Pratik KC (phybeя) of phybersecurity.net for reporting this issue.

2012-02-01 promo.euro.apple.com/tellafriend

A cross-site scripting issue was addressed. We would like to acknowledge Griffin Francis of John Paul College, NSW, Australia for reporting this issue.

2012-01-26 evaluatemacs.apple.com

A full path disclosure issue was addressed. We would like to acknowledge Prashant Sharma (@ps_manu) of LBSS Pvt. Ltd. for reporting this issue.

2012-01-25 jobs.apple.com

A reflected cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2012-01-25 jobs.apple.com

An HTML injection issue was addressed. We would like to acknowledge Daejin Lee from Daeyeon High School, Busan, South Korea for reporting this issue.

2012-01-25 store.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Griffin Francis of John Paul College, NSW, Australia and Suleman Ali of the Dunbarton HS in Canada for reporting this issue.

2012-01-24 itunesconnect.apple.com

An application logic issue was addressed. We would like to acknowledge Tim Sawtell from Sawtell Software, Tom Andersen of Spot Documents, Apptividia Co., Ltd, and Jonathan Lint for reporting this issue.

2012-01-17 images.apple.com

A Flash-based cross-site scripting issue was addressed. We would like to acknowledge Szymon Gruszecki for reporting this issue.

2012-01-13 storechat.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Matthew Wong of Brooklyn Technical High School for reporting this issue.

2012-01-13 wdg2.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Maxim Rupp for reporting this issue.

2012-01-12 wdg2.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Mario Gomes for reporting this issue.

2012-01-09 discussions.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Nils Juenemann of nilsjuenemann.de for reporting this issue.

2012-01-09 store.apple.com

A DOM-based cross-site scripting issue was addressed. We would like to acknowledge David Hoyt of Hoyt LLC Research for reporting this issue.

2012-01-09 developer.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Marc-Etienne M.Léveillé of CISSP Groupies and Edovia for reporting this issue.

2012-01-09 icloud.com

A cross-site scripting issue was addressed. We would like to acknowledge Keita Haga of keitahaga.com for reporting this issue.

2012-01-09 appleseed.apple.com

An access control issue was addressed. We would like to acknowledge Christopher SJ Ong for reporting this issue.

2012-01-06 consultants.apple.com

A cross-site scripting issue was addressed. We would like to acknowledge Himanshu Sharma (нα¢кєя) of s3curity.net, Cim Stordal, Belmin Vehabovic, Jose A. Vazquez of spa-s3c.blogspot.com, Keita Haga of keitahaga.com, Olivier Beg of spinozalyceum, and Aditya Gupta, Subho Halder and Dev Kar from KIIT University, India for reporting this issue.
